Global disruptions due to the COVID-19 pandemic are forcing organizations to focus on how end-user computing resources can support users if workplace access is disrupted. I&O leaders must stress-test systems and review investment levels and capabilities to prepare for disrupting events.
Policies for device management, remote access and support for remote work have not scaled with the sudden spike in demand. I&O leaders are struggling to get users back to work during a workplace disruption.
The capacity of client and app virtualization infrastructure, network carrier service contracts and VPN infrastructure is not designed to support 100% of the organization working remotely.
Current events have impacted global supply chains, limiting I&O leaders’ ability to provide the resources workers require to be productive remotely.
I&O leaders focused on digital workplace infrastructure and operations must:
Ensure access for remote workers by expanding use of tools like VDI and investigating the use of DaaS where VDI is not an option.
Review policies, standards and guidance on remote work and device management, and ensure carrier services are available to keep users connected and working while remote.
Assemble and ship remote “work kits” for key staff, outlining eligibility, availability and entitlement for these kits and immediately assembling them with a mix of new and backup or retired hardware that remains fit for purpose.
Enabling workers to remain productive outside of the workplace is part of any sound long-term I&O strategy. But unforeseen disruptions such as man-made and natural disasters cause immediate, sudden spikes in demand that can be difficult to accommodate. The COVID-19 pandemic has thrust IT into a crash course in quickly scaling the ability to support workers remotely. This may include using additional infrastructure and key systems “as a service.”
How can I&O leaders ensure their organization can limit the impact of disruptive events to end-user computing services? I&O leaders must focus on reviewing access, updating policies to streamline remote work and assembling hardware to support key staff (see Figure 1).
The ability for users to remotely connect to key systems and IT’s ability to support users will determine the level of disruption to day-to-day work during any outages or workplace closures. Some companies may assume that their employees can work from local coffee shops and other gathering places using public Wi-Fi access. However, the nature of a disruption may preclude this. Thus, when planning to ask employees to work from home in this unusual circumstance, I&O leaders should:
Build in contingencies for local internet provider congestion. Although fiber access is growing in availability, it is still the minority of home access connections in many countries. The older the type of internet access, the more limited it is in bandwidth (for example, DSL). In addition, local providers often use statistical multiplexing at the central office — that is, they provision central office equipment to support a planned number of simultaneous users from the neighborhood. In the case of copper wire, the number of planned- and engineered-for simultaneous users is usually modest. Sending more people home to telework could exceed these limits and result in congestion, which usually increases both packet latency and loss, potentially impairing a particular application’s performance. In this circumstance, the limits for an area served by copper wire could be exceeded. This also could be the case for cable- and fiber-based services due to an unprecedented surge in demand. Local congestion is less likely when the line going into the residence is fiber to the home or fiber to the curb. Congestion is likely to be less of a concern once data moves from the local ISP to the backbone ISP.
Verify the current licenses for VPN. Make sure you have enough VPN licenses to support remote work across the organization. Although most companies overprovision the number of simultaneous users that their firewall and VPN support, organizations rarely purchase enough licenses for the entire organization — or much of it — to use these tools concurrently. Gartner has observed some clients making use of dedicated business continuity/disaster recovery (BC/DR) infrastructure as a stopgap solution to quickly ramp up the number of available ports for remote connections. Gartner advises clients using this approach to plan to replace those licenses to avoid adversely affecting future BC/DR readiness.
Plan for additional software licenses and services. For software, ask vendors for more flexible licensing terms to avoid paying for perpetual licenses to fill a temporary requirement. Ask for annual subscriptions or even month-to-month subscriptions charged at the annual rate. Where subscriptions are not available, ask to pay annual maintenance on additional seats without purchasing the underlying perpetual licenses. For services, request that providers allow commitments of no more than 30 days, with a 30-day cancellation notice.
When users need to work remotely, they may have access to an enterprise-managed notebook, a personal device or no device. Plans must cater for each scenario. All users would benefit from access to desktop virtualization to enable remote working because it allows enterprise applications to be securely accessed from any device and any location. If the user has an unmanaged or partially managed device, enterprises can reduce risk as data remains within the desktop virtualization solution. Many organizations leverage published applications, VDI or desktop as a service (DaaS) to support remote working because it allows enterprise applications to be securely accessed from many devices and locations. On-premises published applications and VDI require hardware that must be sized to support peak use, and organizations likely will have difficulty procuring additional hardware on short notice. Published applications are generally more efficient than VDI, so having users access published applications instead of VDI may improve capacity. However, some applications may not be compatible with published application technologies.
Organizations that do not have remote applications or VDI will not be able to take the time to implement them rapidly. They also will not have the skills to implement or manage them and may look to DaaS or hosted published application services instead. Buying as a service has distinct advantages if additional infrastructure is required because most providers leverage a hyperscale cloud service. However, it is unclear whether cloud providers will have sufficient resources to handle a significant sudden increase in demand. Work with your DaaS provider to ensure you’ll have the resources you need. But the only way to ensure resources when your users need them is to contract for dedicated instances, which will be more expensive and may not be available for short-term commitments.
I&O leaders commissioning a new DaaS environment should identify the applications, data and configurations that users will require to provide a working solution. Plan for the rapidly deployed solution to be a minimally viable service on Day 1, with additional features configured over a period of time. More information on cost and appropriateness of VDI and DaaS offerings can be found in
Users will still need endpoint devices to access VDI or DaaS. Users without a company-issued notebook PC may have a personally owned device that could be used for remote access, but this can result in users calling the service desk for help getting their personal devices to connect to enterprise systems. Personally owned devices also pose a risk as the operating system may not have been adequately updated and may also contain malware. Any remote access to desktop virtualization should include multifactor authentication. For additional security using personal devices, USB boot sticks are available from IGEL and Stratodesk, which will provide a secure operating system allowing the user to connect to remote applications and desktops. USB devices can also be configured using Windows To Go for organizations, though compatible hardware may be difficult to source.
Confirm workers’ access to an IP network; although most employees can access the internet from their homes, not everyone can. Confirm home internet access, the subscribed bandwidth (for both the downlink and uplink) and, if possible, the type of internet access (cable modem versus telecom carrier). Determine if a particular internet landline provider has instituted a cap before traffic is throttled or blocked. Educate employees about congestion problems they may encounter if everyone in the household is using high-bandwidth internet applications at the same time. If your company requires a broadband connection of greater bandwidth than the employee currently has, be prepared to reimburse the employee for the upgrade during the emergency period.
Depending on the country and plan, many personal mobile phone subscriptions include an unlimited number, or a very large number, of in-country calls. Messaging allotments tend to be similarly generous. In these instances, employees can use these devices for professional purposes without incurring additional cost. But this is not true for mobile/cellular data. Caps exist for both mobile phones/tablets and mobile Wi-Fi hotspots. Exceeding them will cost additional money and may result in the provider throttling or blocking the overage. If not in place, clear communication regarding how workers can submit costs for reimbursement or plan changes is a worthwhile exercise as these processes will be a lasting, material improvement to existing mobile or usage policies that lack them today. Considering a temporary stipend to reduce users’ out-of-pocket costs is a simple, but effective method to diminish the impact of service- and cost-related burdens.
In addition to these measures, expand time frames for policy actions such as device lockouts or automatic wiping of devices after a period of being idle from the conventional 30 days to 60, 90 or 120 days. Planning for network outages and the likelihood that users will not have access to certain devices, as well as extending timeouts for devices can help minimize the risk of unnecessary data loss and preserve continuity of operations during and after a major impact event.
The opportunity to complete work tasks away from the workplace varies by organization and by role within a given organization. Decisions on where a user can work, and with what technology, are often based on established governance. In the majority of cases, this governance has not been drafted
I&O leaders must review policies that address approval for alternate work locations and device types, and how those devices are secured and managed. Ensure that PCs and mobile devices are enrolled in unified endpoint management (UEM) tools so that they can be updated when not on the company network and so that applications can be pushed out as needed. The ability to push patches and updates as well as device configurations will also be a key element to ensure that service desk personnel can assist users with IT problems remotely.
UEM tools should be in place to ensure updates and patches can be reliably delivered to systems off-network. Traditional endpoint management tools will face challenges delivering patches and updates to devices off-network. These tools may need to be reconfigured or enhanced to support the increased volume of remote devices. Tools to optimize the distribution of patches may become essential to enable workers to both work and receive updates while using lower-bandwidth connections. Nonessential updates should be deferred if and until an effective steady state is achieved for remote work. UEM license capacity should be assessed as more devices may need to be enrolled. Existing investments in such tools will need to be reviewed to assess what percentage of workers can be served with them, and tools that only work on an internal network should be replaced with remote control and support tools that will function over a WAN link.
Remove or reduce complex approvals required for users to work from a personal device or from an alternate location. Even as a temporary measure enforced only while workplace access is restricted, these simplified approvals will allow IT staff to focus on more critical matters and will remove time-consuming barriers to getting work done. This may include updating remote access policies that bar specific platforms (ChromeOS, macOS) that are not officially supported internally to account for the diversity in the devices users will have available to work from.
The ability to fully support workers when remote becomes more complex, and specific consideration should be given to:
Endpoint remote control. Tools that further extend IT’s ability to view and control devices (e.g., GoToMyPC, Splashtop, TeamViewer, BeyondTrust) for troubleshooting, such as remote viewing and control applications, are valuable for ensuring live support can reach users and solve problems wherever they are working. Remote control systems designed for on-premises support may not be configured appropriately for remote devices or an increased volume of personal devices accessing desktop virtualization. Assess the architecture, scale and operation of remote control tools, noting that the support engineers may also be remote.
Hardware failures. Many organizations have support models requiring staff to return to their office for hardware support. If remote working is combined with movement restrictions, then this will not be possible. Processes for couriers to distribute replacement devices and recover broken devices will be required; in locations with limited courier services alternate plans may be required. Bootable USB keys with desktop virtualization may also offer a solution to enable a user to continue working if the hardware failure is associated with the disk of the remote endpoint.
Joiners and leavers. During periods of remote work due to movement restrictions, processes for onboarding and offboarding staff will need to be updated, and this includes provision of enterprise devices. Devices or data managed by UEM solutions can be wiped remotely for leavers, or lost or stolen devices. Full device wipes should be reserved for company-owned devices.
Specific roles and workers will require dedicated resources in the form of work or go kits to remain productive. They should be aimed at providing key employees with one-stop, critical infrastructure that can move with the user.
Gartner clients have shared strategies to develop and distribute these types of kits in response to natural disasters. IT’s ability to reach and monitor key systems will be limited by a disruption, but creating go kits with core IT resources can help ensure access to key systems and communications for critical staff. These kits may be purely physical offerings or include alternate/contingency worksites.
Physical go-kit core components include the following:
Computing device or devices. PC and company-owned mobile devices with active service to ensure that loss of access to company or personal computing resources does not “strand” key staff.
Connectivity. In addition to provisioning cellular capabilities such as hot spot access on workers’ devices, a dedicated, carrier-connected hot spot is a critical component. In certain situations, deployment of nonstandard communications tools, such as the use of satellite-based voice and data, may become required as well.
Playbooks, decision trees and documentation for core systems. Provide hard copies of key information, presented in simple, action-focused workflows, in the go kit. Troubleshooting and escalation procedures, in physical format, should be reviewed — and, if lacking, developed — for key systems. Communication guidance such as disaster preparedness policies and procedures, including names and contact information of other key staff and system “owners,” is critical. Methodologies such as the Haddon Matrix can offer guidance on developing response plans (see ).
Many supply chains for key IT infrastructure — most notably on end-user devices such as PCs, mobile devices and peripherals — will be strained by a global event. Go kits do not require cutting-edge technology. Application of IT’s minimum viable product set for devices, software and connectivity should be the goal of the go-kit designer.
Physical location access will be disrupted, which supports placing these kits in multiple locations. In areas with a dense concentration of company workers, nominate disaster wardens who will maintain and can distribute these kits as needed. Develop and distribute clear and consistent guidance on the role or job requirements that entitle a user to one of the limited number of kits.
Alternate “hot sites” will be sought by larger teams requiring multiple key personnel to work collaboratively in the same physical space. Approve access to failover sites for key staff. Where alternate physical locations are needed but not available, expect and review governance to avoid impeding key workers’ ability to procure space. Traditional expense and acquisition policies are not designed with the flexibility needed during a disruptive event, so “nonstandard” charges, such as paying for conference space on a company credit card, will be the norm. Review policies and adjust approval systems to enable efforts to establish a temporary base of operations.